How to use encryption to keep your business data safe

Businesses often don't realize why encryption is important and how they can use it to protect their data.

Encryption can be a confusing topic, but it's helpful to think about it like this: when you encrypt data you are storing it like you would money in a safe - you need a key to unlock the safe to get the money out.

Encryption can be used in many different ways.

Laptops, USB drives, and even smartphones can be encrypted using what is known as full-disk encryption. That means the entire hard drive of the device and everything on it is protected by encryption.

However, full-disk encryption can only keep your stuff secure when it's on the device. The second anything leaves the encrypted device it is readable by all.

If you think about the analogy of money in a safe, the encrypted disk is the safe, and the money is your data. Once you take your money out of the safe it is no longer protected.

Conversely, if you have file-level encryption, every file has a padlock. With file-level encryption, your data is protected when it is in transit, or stored somewhere in the cloud.

But there is a downside - file-level encryption is harder to manage than full-disk encryption, because whenever you want to access the data, you need the key. As you may want access from many devices and many places, this requires careful key management.

You need to think a bit more about what data you want to encrypt and why. You'll likely want to focus on file-level encryption for sensitive data and/or data that you copy to other places - for example, documents you want to access from a service like Dropbox.

It's important to understand that file-level encryption doesn't replace full-disk encryption. They complement each other. If you only encrypt your own files and not the full disk then it's very easy to miss something. Chances are your computer stores copies of your data in all sorts of places you didn't think about.

Most companies will want the IT department to carefully manage the encryption keys across various devices and make sure the master decryption keys are very well protected. Even smarter companies will ensure that no single person has full access to the powerful master key.

One way of doing this is designing a system such that two or more people need to contribute towards the decryption process (segregation of duties).

Good encryption software will have capabilities to make key management and segregation of duties relatively simple.
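One simple way to make every key holder contribute, shown as an added example (not from the original article or any Sophos product): the master key is XOR-split into shares, so no single holder, or any incomplete group, can rebuild it. The function names, the check label and the use of an HMAC-based check value to detect a missing or wrong share are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

CHECK_LABEL = b"master-key-check"  # constructed label, an assumption of this example

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def key_check_value(key: bytes) -> bytes:
    """Fingerprint stored alongside the shares to verify a rebuilt key."""
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()

def split_key(master_key: bytes, holders: int) -> list[bytes]:
    """Split master_key into one share per holder; all shares are required."""
    if holders < 2:
        raise ValueError("segregation of duties needs at least two holders")
    # Every share but the last is pure randomness; the last one is the key
    # XORed with all of them, so any incomplete set looks like random bytes.
    shares = [secrets.token_bytes(len(master_key)) for _ in range(holders - 1)]
    final = master_key
    for share in shares:
        final = _xor(final, share)
    return shares + [final]

def rebuild_key(shares: list[bytes], check: bytes) -> bytes:
    """Recombine shares; refuse the result if it does not match the check value."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares are missing or differ in length")
    key = bytes(len(shares[0]))
    for share in shares:
        key = _xor(key, share)
    if not hmac.compare_digest(key_check_value(key), check):
        raise ValueError("key check failed: a share is missing or wrong")
    return key

if __name__ == "__main__":
    master = secrets.token_bytes(32)  # constructed 256-bit master key
    shares = split_key(master, holders=3)
    check = key_check_value(master)
    print("all three holders:", rebuild_key(shares, check) == master)
    try:
        rebuild_key(shares[:2], check)
    except ValueError as err:
        print("two holders only:", err)
```

This scheme needs every holder present; if a share is lost, the master key is lost with it, so each share needs its own protected backup.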

“Unencrypted files” is one of Sophos's 7 Deadly IT Sins. Find resources - including videos and whitepapers - about these common security sins on the Sophos website.